Content deleted Content added
Fixed typo Tags: Mobile edit Mobile app edit Android app edit |
→Other vulnerabilities: Reports of old vulnerable dongles being sold 3 years after the fact |
||
Line 44:
== Security ==
Several security vulnerabilities of the Logitech Unifying system have been reported in 2016 and 2019,<ref name=vulerabilities>{{cite web
| url=https://github.com/mame82/misc/blob/master/logitech_vuln_summary.md
| title=Summary / Overview of known Logitech wireless peripheral vulnerabilities
Line 51:
| accessdate=2019-07-25}}</ref> and patches released.
===
[[Mousejacking|MouseJacking]], first reported by Bastille Networks, Inc.,<ref name=vulerabilities/> is the sending of malicious radio signals (packets) wirelessly to an unsuspecting user through Logitech Unifying wireless technology. The exploit takes advantage of a user's vulnerable Logitech Unifying receiver and unencrypted signals within a range of about 100 meters. Possible exploits include:
* Keystroke injection by either spoofing a paired mouse or keyboard
Line 224:
=== Other vulnerabilities ===
On July 9, 2019 another set of vulnerabilities was disclosed and documented by a different researcher.<ref name=vulerabilities/> A firmware update for Unifying receivers addressing the "Encryption Key Extraction Through USB" vulnerability (CVE-2019-13054/55) was released on 28 August 2019.<ref name=2019patch/> Some users reported in 2019 that some Unifying devices are still being sold that are vulnerable to the original 2016 [[Mousejacking|MouseJacking]] attack.<ref>{{Cite web|url=https://www.theverge.com/2019/7/14/20692471/logitech-mousejack-wireless-usb-receiver-vulnerable-hack-hijack|title=Why you should really, really update your Logitech wireless dongle|last=Hollister|first=Sean|date=2019-07-14|website=The Verge|language=en|access-date=2020-01-02}}</ref>
== See also ==
| |||